CVE-2026-28064 | ThemeREX Edge Decor Plugin up to 2.2 on WordPress filename control

A vulnerability was found in ThemeREX Edge Decor Plugin up to 2.2 on WordPress and classified as critical. The affected element is an unknown function. The manipulation results in improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is known as CVE-2026-28064. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More